However, ii weeks agone researchers at Google, Kaspersky Lab, Intezer in addition to Symantec linked WannaCry to ‘Lazarus Group,’ a state-sponsored hacking grouping believed to piece of occupation for the North Korean government.
Now, novel interrogation from night spider web intelligence theatre Flashpoint indicates the perpetrators may last Chinese, based on its ain linguistic analysis.
Flashpoint researchers Jon Condra in addition to John Costello analyzed each of WannaCry's localized ransom notes, which is available inwards 28 languages, for content, accuracy, in addition to style, in addition to discovered that all the notes, except English linguistic communication in addition to Chinese versions (Simplified in addition to Traditional), had been translated via Google Translate.
According to the research, Chinese in addition to English linguistic communication versions of the ransomware notes were most probable written past times a human.
On farther analysis, researchers discovered that the English linguistic communication ransom banknote contains a "glaring" grammatical error, which suggests the ransomware author may last a non-native English linguistic communication speaker.
“Though the English linguistic communication banknote appears to last written past times mortal alongside a rigid ascendence of English, a glaring grammatical fault inwards the banknote propose the speaker is non-native or maybe poorly educated.”
And since Google Translate does non piece of occupation practiced at translating Chinese to English linguistic communication in addition to English linguistic communication to Chinese, in addition to frequently produces inaccurate results, the English linguistic communication version could last written for translating the ransom banknote into other languages.
“Comparisons betwixt the Google translated versions of the English linguistic communication ransomware banknote to the corresponding WannaCry ransom banknote yielded nearly identical results, producing a 96% or inwards a higher house match.”
According to the Flashpoint report, the Chinese ransom notes comprise "substantial content non introduce inwards whatever other version of the note," in addition to they are longer than in addition to formatted differently from the English linguistic communication one.
The Chinese ransom notes too piece of occupation proper grammar, punctuation, syntax, in addition to graphic symbol alternative – indicating that the ransomware author is fluent inwards the Chinese language.
"A typo inwards the note, gain zu (幫組) instead of gain zhu (幫助), which way ‘help,' strongly indicates the banknote was written using a Chinese-language input scheme rather than beingness translated from a unlike version," the researchers explain.
"The text uses sure enough price that farther narrow downward a geographic location. One term, libai ( 禮拜 ) for ‘week,’ is to a greater extent than mutual inwards southern China, Hong Kong, Taiwan, in addition to Singapore...The other “杀毒软件” for “anti-virus” is to a greater extent than mutual inwards the Chinese mainland."
All these clues made Flashpoint researchers into believing alongside high confidence that the unknown author or authors of WannaCry ransomware are fluent Chinese speaker in addition to that the Chinese are the source of the English linguistic communication version of the ransom note.
However, Flashpoint researchers say it's difficult to speculate the nationality of the WannaCry hackers equally they may last affiliated to whatever Asian (China, Hong Kong, Taiwan, or Singapore).
WannaCry epidemic striking to a greater extent than than 300,000 PCs inwards to a greater extent than than 150 countries inside simply 72 hours, using self-spreading capabilities to infect vulnerable Windows PCs, peculiarly those using older versions of the operating system.
While most of the affected organisations accept straight off returned to normal, police line enforcement agencies across the basis are on the hunt.
Share This :
comment 0 Comments
more_vert